Category: Ethical Hacking
LogHunter: Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN). I was once doing a very complex project where there were over 1000 hosts in the infrastructure. I needed...
gcpwn: It consists of numerous enumeration modules I wrote plus exploit modules leveraging research done by others in the space (e.g. Rhino Security) along with some existing known standalone tools like GCPBucketBrute to make...
Villain: Villain is a high-level C2 framework that can handle multiple TCP socket and HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities, etc.) and share them among connected sibling servers...
AMSI Bypass via VEH: A PowerShell AMSI bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification. How it works: For...
MSSQL ATTACK TOOL: The MSSQL ATTACK TOOL (M.A.T) was developed internally at SySS in a Research & Development project. The tool, programmed in C#, allows for the fast discovery and exploitation of vulnerabilities in...
MDE_Enum: MDE_Enum is a comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules. It is capable of querying both local and remote systems...
TheAllCommander: Framework for modeling and researching C2 communications in order to develop efficient filtering and detection logic. TheAllCommander 2.1 (April 2024) includes support for logging telemetry data gathered from test daemons, as well as alpha support...
Fragtunnel: Fragtunnel is a PoC TCP tunneling tool that exploits a design flaw in IDS/IPS engines and Next Generation Firewalls; therefore, it can tunnel your application’s traffic to the target server and back...
DonPAPI: DonPAPI automates remote secrets dumping on multiple Windows computers, with defense evasion in mind. Collected credentials: Chromium browser credentials, cookies, and Chrome refresh token; Windows certificates; Credential Manager; Firefox browser credentials and cookies...
BlueSpy – PoC to record audio from a Bluetooth device: This repository contains the implementation of a proof of concept to record and replay audio from a Bluetooth device without the legitimate user’s awareness....
File Tunnel: Tunnel TCP connections through a file. Compatibility (SMB / NFS / AFP): windows-x64: Y / Y / Unknown – please let me know; linux-x64: Y / Y / Unknown – please let me know; linux-arm64: Unknown – please...
DojoLoader: DojoLoader is a generic PE loader initially created to prototype sleep obfuscation techniques with a Cobalt Strike UDRL-less raw Beacon payload, in an attempt to reduce debugging time with UDRLs. DojoLoader borrows the MemoryModule...
Evil-WinRM: This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management Protocol, a standard SOAP-based protocol that allows hardware and operating systems from different...
SQLiDetector: Simple Python script supported with a Burp Bounty profile that helps you detect error-based SQL injection by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. The...
ROP ROCKET: This new, advanced ROP framework made its debut at DEF CON 31 with some unprecedented capabilities. ROCKET generates several types of chains, and it provides new patterns or techniques. Powerful ROP Capabilities...
BadZure: BadZure is a PowerShell script that leverages the Microsoft Graph SDK to orchestrate the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create...